Hi Jared, There is a session cookie which is cleared if Student A clicks "Sign out". If Student A does not click "Sign out", the session will be resumed when the browser goes to http://mail.google.com/a/domain.com again. Closing the browser window is not enough to clear the cookie. The "Sign out" link looks like:
http://mail.google.com/a/domain.com/?logout What some admins have done is to forward the user to that URL as part of their own log off process. -alex On Jan 16, 4:13 pm, JWise1203 <[EMAIL PROTECTED]> wrote: > We have the following situation: > > 1. Student A logs into Google mail via .NET SSO API from our student > portal. > 2. Student A reads their mail from a (window.open()) page. > 3. Student A closes the Google mail window once finished (without > clicking the "sign out" link). > 4. Student A logs off the student portal (original referring page), > but does not close the browser. > 5. Student A leaves. > 6. Student B (new) logs into the student portal using the same browser > and their portal student information shows correctly. > 7. Student B logs into Google mail (window.open()) and (wait for > it) . . . they receive Student A's email account. > > It looks like the "session" is not closing on the API request. > Meaning, if Student A was successful in logging into the Google Mail > service, then when Student B logs in, it is still authenticated and > uses A's credentials. NOTE: When the student clicks "Sign Out", the > page does load the next student's account login correctly, as > expected. > > Thoughts? > > -Jared --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
